From owner-freebsd-current Tue Feb 25 07:38:25 1997
Return-Path:
Received: (from root@localhost)
	by freefall.freebsd.org (8.8.5/8.8.5) id HAA27753
	for current-outgoing; Tue, 25 Feb 1997 07:38:25 -0800 (PST)
Received: from veda.is (ubiq.veda.is [193.4.230.60])
	by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA27746
	for ; Tue, 25 Feb 1997 07:38:20 -0800 (PST)
Received: (from adam@localhost)
	by veda.is (8.8.4/8.7.3) id PAA29172; Tue, 25 Feb 1997 15:50:31 GMT
From: Adam David
Message-Id: <199702251550.PAA29172@veda.is>
Subject: Re: cvs commit: src/usr.bin/su su.1 su.c
In-Reply-To: <9702251506.AA14280@halloran-eldar.lcs.mit.edu> from Garrett Wollman at "Feb 25, 97 10:06:47 am"
To: wollman@lcs.mit.edu (Garrett Wollman)
Date: Tue, 25 Feb 1997 15:50:30 +0000 (GMT)
Cc: current@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > wheel:*:0:root        #"only root can su"
> > wheel:*:0:            #anyone can su
>
> This is very counterintuitive, actually, since root is a member of
> group `wheel' regardless of whether it's listed in /etc/group or not.

Intuition is not a single thread, and I agree also with your view Garrett.
How about the earlier suggestion...

wheel:*:0:*             #everyone belongs to wheel

But is this identical with the desired behaviour?

> I have long believed that the current implementation of group checking
> in the `su' command is a crock.  The correct behavior of the command
> would be to call getgroups(2) and check the result for a GID of 0.

Good point.

--
Adam David
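
The two checks discussed in this message, side by side, as an added example that is not part of the original post and is not FreeBSD's su.c. The function names are hypothetical, and the member-list rule is an assumption modelled only on the two quoted /etc/group lines (it does not model root's implicit membership).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Member-list rule (assumed from the quoted /etc/group lines): an empty
 * list lets anyone through, otherwise the name must be listed.
 * `members` is a NULL-terminated array shaped like struct group's gr_mem. */
int allowed_by_member_list(const char *user, const char *const *members)
{
    if (members == NULL || members[0] == NULL)
        return 1;                       /* "wheel:*:0:" -> anyone can su */
    for (; *members != NULL; members++)
        if (strcmp(*members, user) == 0)
            return 1;
    return 0;
}

/* Pure helper: is `want` present in a list of group IDs? */
int gid_in_list(gid_t want, const gid_t *groups, int n)
{
    for (int i = 0; i < n; i++)
        if (groups[i] == want)
            return 1;
    return 0;
}

/* getgroups(2) rule: ask the kernel for the caller's group set instead of
 * parsing names. POSIX leaves it unspecified whether the effective GID is
 * in that list, so the invoking user's real GID is checked explicitly.
 * Returns 1 if a member, 0 if not, -1 on error. */
int caller_in_group(gid_t want)
{
    if (getgid() == want)
        return 1;
    int n = getgroups(0, NULL);         /* size query only */
    if (n < 0)
        return -1;
    gid_t *groups = calloc((size_t)n + 1, sizeof *groups);
    if (groups == NULL)
        return -1;
    n = getgroups(n, groups);
    int found = (n < 0) ? -1 : gid_in_list(want, groups, n);
    free(groups);
    return found;
}

int main(void)
{
    printf("caller in GID 0: %d\n", caller_in_group(0));
    return 0;
}
```

The second check depends on the process credentials set at login, so a user whose only link to GID 0 is their primary group in the password database passes it even when the group's member list omits them.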